Sign in
Sign in and find your workspace covers the standard sign-in flow.
Two-factor authentication (2FA) adds a second check to your sign-in. After you enter your password, Sparqbox asks for a 6-digit code from your authenticator app. Even if someone else learns your password, they still can't sign in without the code.
You set up 2FA from your account security page.
After enrolment, every new sign-in session will prompt for a 6-digit code after the password step.
The code refreshes every 30 seconds in your authenticator app. If the code is about to expire, wait for the next one.
On the verification step you'll see a Trust this device for 30 days checkbox. Tick it before clicking Verify and that browser won't ask for a code again for 30 days.
Trusted devices are tied to your browser profile. Clearing your cookies or switching browsers removes the trust, so you'll be prompted again.
To see which devices are trusted and revoke any of them, go to Account → Security → Trusted devices. See Trusted devices below.
If you can't reach your authenticator app, click Lost your phone? Use a recovery code on the verification screen and enter one of your 10 single-use backup codes instead.
Using a recovery code signs you in and immediately disables your 2FA factor. You land back at standard sign-in (single factor). If your workspace requires 2FA for all members, you'll be taken directly to the 2FA setup screen to re-enrol. See Recovery codes below.
When you first set up 2FA, Sparqbox generates 10 backup recovery codes. Each code is single-use and in the format xxxx-xxxx-xxxx.
Recovery codes are your safety net when you can't access your authenticator app — for example, if you lose your phone or switch apps.
Recovery codes are shown once, at enrolment. After that, you can regenerate a new set from Account → Security → Recovery codes → Generate new codes.
On the 2FA prompt at sign-in, click Lost your phone? Use a recovery code and type one of your saved codes. The code is consumed after use and cannot be reused.
After using a recovery code, your 2FA factor is cleared. Enrol a new authenticator app as soon as you're signed in to restore full account security.
The Trusted devices card on Account → Security lists every browser that has been granted a 30-day trust for your account.
Each entry shows:
Clicking Revoke invalidates that device's trust immediately. The next time that browser signs in, it will be asked for a 6-digit code again.
Devices expire automatically after 30 days whether you revoke them or not.
Some actions inside Sparqbox require you to confirm your identity mid-session, even if you're already signed in. This is called a step-up verification.
When a step-up is required, a prompt appears asking for your 6-digit code (or a recovery code). If your device is trusted, the step-up is bypassed automatically.
Step-up verification applies to workspace settings changes, billing actions, and similar mutating admin operations.
To remove the authenticator app from your account:
Disabling 2FA also invalidates all your recovery codes and removes all trusted devices for your account.
Sign in
Sign in and find your workspace covers the standard sign-in flow.
Workspace security settings
Workspace settings covers the admin toggle to require 2FA for all members.
Audit log
Audit log shows where 2FA events appear in the workspace event history.